Vulnx

<h1 align="center"> vulnx </h1> <p align="center"> <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-_red.svg" alt="MIT License"></a> <a href="https://goreportcard.com/badge/github.com/projectdiscovery/vulnx"><img src="https://goreportcard.com/badge/github.com/projectdiscovery/vulnx" alt="Go Report Card"></a> <a href="https://pkg.go.dev/github.com/projectdiscovery/vulnx/pkg/vulnx"><img src="https://img.shields.io/badge/go-reference-blue" alt="Go Reference"></a> <a href="https://github.com/projectdiscovery/vulnx/releases"><img src="https://img.shields.io/github/release/projectdiscovery/vulnx" alt="GitHub Release"></a> <a href="https://twitter.com/pdiscoveryio"><img src="https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter" alt="Twitter Follow"></a> <a href="https://discord.gg/projectdiscovery"><img src="https://img.shields.io/discord/695645237418131507.svg?logo=discord" alt="Discord"></a> <a href="https://starlog.is/articles/cybersecurity/projectdiscovery-vulnx"> <img src="https://img.shields.io/badge/Starlog-Deep_Dive-00e5ff?style=flat&logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0id2hpdGUiPjxwYXRoIGQ9Ik0xMiAyTDkgOUgyTDcgMTRMNSAyMkwxMiAxN0wxOSAyMkwxNyAxNEwyMiA5SDE1TDEyIDJaIi8+PC9zdmc+" alt="Starlog Deep Dive"> </a> </p> <h4 align="center"> Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities </h4>

Quick Start

# 1. Get vulnx
go install github.com/projectdiscovery/vulnx/v2/cmd/vulnx@latest

# 2. Explore commands
vulnx --help
vulnx search --help

# 3. Start exploring vulnerabilities (no API key required)
vulnx filters                          # See all available search fields
vulnx search apache                    # Basic search (subject to rate limits)

# 4. Set up your API key (recommended to avoid rate limits)
vulnx auth                              # Get free API key at https://cloud.projectdiscovery.io

# 5. Enhanced exploration with higher limits
vulnx search apache                    # No rate limits
vulnx id CVE-2021-44228               # Faster responses

What vulnx Does

Search vulnerabilities with precision:

vulnx search "severity:critical && is_remote:true"
vulnx search "apache || nginx" --limit 20
vulnx search "cvss_score:>8.0 && cve_created_at:2024"

Get detailed vulnerability info:

vulnx id CVE-2021-44228
vulnx id CVE-2024-1234 --json

Analyze vulnerability patterns:

vulnx analyze --fields severity
vulnx analyze --fields affected_products.vendor

Core Commands

| Command | Purpose | Example | |---------|---------|---------| | search | Find vulnerabilities with advanced filters | vulnx search "apache && severity:high" | | id | Get details for specific CVE | vulnx id CVE-2021-44228 | | filters | List all available search fields and filters | vulnx filters | | analyze | Aggregate data by fields | vulnx analyze -f severity | | auth | Configure API access | vulnx auth | | version | Show version info and check for updates | vulnx version | | update | Update vulnx to latest version | vulnx update | | healthcheck | Test connectivity | vulnx healthcheck |

Essential Options

Output formats:

vulnx search "apache" --json              # Machine-readable JSON
vulnx search "apache" --output results.json  # Save to file
vulnx search "apache" --silent            # Quiet output

Search control:

vulnx search "apache" --limit 50          # Get 50 results
vulnx search "apache" --sort-desc cvss_score  # Sort by CVSS score
vulnx search "apache" --fields cve_id,severity  # Specific fields only

Advanced search:

vulnx search --term-facets severity=5,tags=10 "apache"
vulnx search --range-facets numeric:cvss_score:high:8:10 "remote"
vulnx search --highlight "apache"            # Enable search highlighting
vulnx search --facet-size 20 "nginx"         # More facet buckets
vulnx search --detailed "xss"                # Detailed output like 'id' command

Discovering Available Fields

Explore what you can search on:

vulnx filters                           # Show all available search fields
vulnx filters --json                    # Machine-readable field list
vulnx filters --output fields.json      # Save field info to file

The filters command shows detailed information about all searchable fields including:

• Field names and data types
• Descriptions and examples
• Whether fields support sorting and faceting
• Available enum values for specific fields
• Search analyzer types

Example output:

Field: severity
Data Type: string
Description: Vulnerability severity level (e.g., critical, high, medium, low, info)
Can Sort: Yes
Facet Possible: Yes
Search Analyzer: keyword-lower
Examples: severity:critical, severity:high
Enum Values: critical, high, medium, low, info, unknown

Total: 69 filters available

Use this command to discover new search possibilities and understand field syntax before building complex queries.

Common Search Patterns

Find high-risk vulnerabilities:

vulnx search "severity:critical && is_remote:true && is_kev:true"
vulnx search "cvss_score:>8.0 && cve_created_at:>=2024"  # High CVSS from 2024
vulnx search "is_kev:true && age_in_days:<90"            # Recent KEV exploits

Search by technology:

vulnx search "apache"                     # Apache vulnerabilities
vulnx search "apache || nginx"          # Multiple technologies
vulnx search "affected_products.vendor:microsoft"  # By vendor

Filter by severity and scores:

vulnx search "severity:high"              # High severity
vulnx search "cvss_score:>7.0"            # CVSS score above 7
vulnx search "epss_score:>0.8"            # High EPSS score

Time-based searches:

vulnx search "cve_created_at:>=2024"      # Published in 2024 or later
vulnx search "cve_created_at:>=2024-01-01 && cve_created_at:<2024-07-01"  # First half of 2024
vulnx search "age_in_days:<30"            # Recent vulnerabilities (last 30 days)

Find exploitable vulnerabilities:

vulnx search "is_poc:true"                # Has proof of concept
vulnx search "is_kev:true"                # Known exploited vulns
vulnx search "is_template:true"           # Has Nuclei templates
vulnx search --detailed "log4j"          # Detailed analysis of specific vuln

Filter Flags

Filter Flags Reference

| Flag | Short | Description | Example | |------|-------|-------------|---------| | --product | -p | Filter by products | --product apache,nginx | | --vendor | | Filter by vendors | --vendor microsoft,oracle | | --severity | -s | Filter by severity | --severity critical,high | | --tags | | Filter by tags | --tags rce,injection | | --cvss-score | | Filter by CVSS score | --cvss-score ">8.0" | | --epss-score | | Filter by EPSS score | --epss-score ">0.8" | | --vuln-age | -a | Filter by age | --vuln-age "<30" | | --vuln-type | | Filter by vulnerability type | --vuln-type sql_injection | | --kev | | KEV vulnerabilities only | --kev | | --template | -t | Has Nuclei templates | --template | | --poc | | Has proof of concept | --poc | | --hackerone | | HackerOne reported | --hackerone | | --remote-exploit | | Remotely exploitable | --remote-exploit | | --vuln-status | | Filter by vuln status | --vuln-status confirmed |

Search Control Flags

| Flag | Short | Description | Example | |------|-------|-------------|---------| | --detailed | | Detailed output like 'id' | --detailed | | --highlight | | Enable search highlighting | --highlight | | --limit | -n | Number of results | --limit 50 | | --offset | | Pagination offset | --offset 100 | | --sort-asc | | Sort ascending | --sort-asc cvss_score | | --sort-desc | | Sort descending | --sort-desc cve_created_at | | --fields | | Select specific fields | --fields cve_id,severity | | --term-facets | | Calculate term facets | --term-facets severity=5 | | --range-facets | | Calculate range facets | --range-facets numeric:cvss_score:high:8:10 | | --facet-size | | Facet bucket count | --facet-size 20 |

Product and vendor filtering:

vulnx search --product apache,nginx     # Filter by products (searches both vendor and product fields)
vulnx search --vendor microsoft,oracle  # Filter by vendors only
vulnx search "NOT apache"               # Exclude products using query syntax
vulnx search "NOT affected_products.vendor:microsoft"  # Exclude vendors using query syntax

Severity and scoring:

vulnx search --severity critical,high   # Filter by severity
vulnx search "NOT severity:low"         # Exclude severities using query syntax
vulnx search --cvss-score ">8.0"        # Filter by CVSS score
vulnx search --epss-score ">0.8"        # Filter by EPSS score
vulnx search --vuln-status confirmed     # Filter by status
vulnx search --vuln-age "<30"           # Recent vulnerabilities

Exploit characteristics:

vulnx search --kev                      # KEV vulnerabilities only
vulnx search --template                 # Has Nuclei templates
vulnx search --poc                      # Has proof of concept
vulnx search --hackerone                # HackerOne reported
vulnx search --remote-exploit           # Remotely exploitable

Vulnerability ID Lookup

Multiple input methods:

# Single ID lookup
vulnx id CVE-2024-1234

# Multiple IDs (comma-separated)
vulnx id CVE-2024-1234,CVE-2024-5678,CVE-2023-9999

# Auto-detection from stdin (no 'id' command needed!)
echo "CVE-2024-1234" | vulnx
echo -e "CVE-2024-1234\nCVE-2024-5678" | vulnx

# File input
vulnx id --file ids.txt

Batch processing: